mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-04-17 22:48:28 +00:00
Code Issues Projects Releases Wiki Activity

python3-django: fix CVE-2023-41164

Browse Source 
In Django 3.2 before 3.2.21, 4 before 4.1.11, and 4.2 before 4.2.5,
``django.utils.encoding.uri_to_iri()`` was subject to potential denial
of service attack via certain inputs with a very large number of Unicode
characters.

Since, there is no ptest available for python3-django so have not
tested the patch changes at runtime.

References:
https://security-tracker.debian.org/tracker/CVE-2023-41164
https://www.djangoproject.com/weblog/2023/sep/04/security-releases/

Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Narpat Mali
2023-09-26 11:24:28 +00:00
committed by Armin Kuster
parent b25e6a9e91
commit ab9a31fabc
2 changed files with 106 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
meta-python/recipes-devtools/python/python3-django_2.2.28.bb
View File

@@ -7,6 +7,7 @@ inherit setuptools3
SRC_URI += "file://CVE-2023-31047.patch \
file://CVE-2023-36053.patch \
file://CVE-2023-41164.patch \
"
SRC_URI[sha256sum] = "0200b657afbf1bc08003845ddda053c7641b9b24951e52acd51f6abda33a7413"